Skip to content

CrowdStrike Falcon for IT Admins

Last updated: July 28, 2025
Audience: IT Staff / Technical

UW-IT is retiring Sophos antivirus and replacing it with CrowdStrike Falcon for UW-owned computers. All departments must uninstall Sophos Central and complete Falcon installation by August 30, 2025.

This guide outlines required actions, uninstall instructions, and resources for supporting end users.

Key Dates & Responsibilities

August 1, 2025: Sophos Central Tamper Protection is turned off.
August 29, 2025: CrowdStrike Falcon must be deployed on all UW-owned devices.
August 30, 2025: Sophos Central and Home access ends and all updates and threat protection stop.

IT Admins are responsible for:

  • Uninstalling Sophos Central from managed devices
  • Deploying CrowdStrike Falcon
  • Assisting users with questions and verifying devices are protected

Step 1: Uninstall Sophos Central

  1. Open the Start Menu > Settings > Apps
  2. Find Sophos Endpoint Agent and click Uninstall
  3. Or run SophosUninstall.exe from C:\Program Files\Sophos\Sophos Endpoint Agent

For additional assistance with the uninstall process, review the documentation about uninstalling Sophos on Windows.

  1. Press Command + Spacebar and search for “Remove Sophos”
  2. Run the Remove Sophos utility
  3. If not available, use the command line uninstall script or contact Sophos support

For additional assistance with the uninstall process, review the documentation about uninstalling Sophos on macOSX.

Step 2: Deploy CrowdStrike Falcon

  1. Follow the instructions in the Windows Quick Start Guide (.DocX)
  1. Follow the instructions in the macOSX Quick Start Guide (.DocX)

Step 3: Support End Users

  • Faculty or staff may have Sophos Central on UW devices and Sophos Home on personal, non-UW-owned devices
  • Users without IT support may ask for help uninstalling Sophos or installing Falcon
    • Direct them to your team or have them email help@uw.edu with “CrowdStrike Falcon” in the subject line
  • Expect increased requests in August as the Sophos expiration deadline nears
  • Encourage early action now to reduce last-minute support needs

Questions or Issues?

Contact the CrowdStrike project team at help@uw.edu with “CrowdStrike Falcon” in the subject line.